Setting up Two-Factor Authentication

Two-Factor Authentication (2FA for short) is a good way to add an extra layer of security to your Discord account to make sure that only you have the ability to log in.

Important note: At the moment, you can only enable / disable 2FA on your account from the desktop app or modern browsers. Mobile users will have to access a computer to use 2FA. Only once though, we promise! =]

Once you click the enable button, you'll see a new 3-step prompt pop up. To begin the 2FA process, you'll need to download either Google Authenticator or Authy on your mobile device. Either one of these programs will work here.

Authenticate me, Google!

If you're using Google Authenticator, you'll be prompted to choose your input method, either scanning a barcode or entering a provided key:

Either one of these will work fine (since Discord provides both input methods), but keep in mind that Google Authenticator on Android will need you to install another barcode scanning app if you want to use that option. It requires the ZXing Barcode Scanner app, which is totally fine and dandy:

Or, you can just input the code provided in Discord; no Barcode Scanner required.

Using Authy

Within Authy, you'll first need to enter your phone number and email to authenticate your phone:

You'll see a new pop-up with the option to verify via phone call or text message. Internal testing has yielded results that claim that the most recent smartphones are in fact capable of making and receiving phone calls, despite how rare this phenomenon appears.

Once you've authenticated your device, go ahead and press the "+" button in the center to add a new authentication account. Finally, you'll reach the "Authenticator Accounts" screen. You'll have the option to scan a QR code, or enter the code manually.

By our powers, combined!

This'll generate a 6 digit code that is the final piece to enabling 2FA in Discord. Enter it in, and you're good to go.

Seriously important stuff

Once you've enabled 2FA successfully, you'll see an option for "view backup codes" in the "My Account" tab. You'll need to re-enter your Discord password to see them. These can be used in an emergency to log back into Discord if you lose your phone or delete your authentication app for some reason (but don't do that. seriously). These codes are one-time use each. If you run out of these codes, you can click the Generate Codes button again to re-roll a new set, but doing so will render the previous list obsolete, so be 100% sure to keep the latest set somewhere safe.

No seriously, store them where you'll remember them. These are your last chance to recover your Discord account. We won't be able to help you if you lose these codes.

Server-Wide 2FA

Server owners also have an extra security lever they can pull to prevent unwanted perpetrators from causing havoc in their servers.

Why do we even have that lever? You'll find out shortly!

In your Server settings menu, you'll see a Moderation tab that allows you to require 2FA server-wide. While this doesn't require everyone that joins the server to have 2FA enabled, it does mean that anyone with admin powers won't get to use them unless they enable it. They'll see this pop up instead:

The specific permissions that are disabled ("Admin privileges") include:

Clicking the Resolve link in the popup will bring you directly to the security tab in your User Settings menu, where you can follow the above listed steps to get that set up and regain your Admin powers.

And that wraps up Discord's Two-Factor Authentication! Stay safe, Discordians.

Comments

Not. Working. Instructions for Authy? Nice, Instructions for those who use Google Authenticator? Please? It's worth mentioning that Google Authenticator will require you to install a QR scanner app even if you already have one. Strange.

@Goldpen GA instructions coming soon, got held up with the app. Awkward that it does make you install another scan app, though they're abundant and free. My GA app only has one set of digits, however, doesn't include anything with my DiscordTag. Can you shoot screenshots to [email protected] for more help?

My phone reset and now my Google Authenticator code will not allow me to activate the Discord App on my phone. I scanned the QR code above successfully but the Discord App refuses my 2FA pin code. This occurred after my phone did a complete wipe/reset and I re-installed Google Auth.

Update: I found a working solution and created another post here with the details on how to make it work.

@Cilantrelle As in, is it possible to use Two Factor Authentication if you have a Windows phone, which as far as I am aware does not have either Authy or Google Authenticator.
On that note, if one of my admins does not own a smartphone, how can they enable 2FA?

@Tablesalt We use generic TOTP, so anything that can yield a 6-digit authentication code will work, not just Google Auth / Authy. If your admin doesn't have a smartphone, they can use another device with an authentication program.

When Google Authenticator asked for my login, I gave the email I use for Discord. That is a problem since I finally figured out that the app expects me to provide a GOOGLE email at this step... (Amazingly enough, Google is not the only email provider *gasp*).

Centralizing everything, then selling this to me as being "for my convenience", is just a cheap marketing trick to herd people's information and make it easier to cross-reference. I took the time to read the other alternatives presented on GA (there were quite a few) but each of them ultimately had a condition that funneled you back to using more Google services.

Quoting Cilantrelle above:
"anything that can yield a 6-digit authentication code will work, not just Google Auth / Authy. If your admin doesn't have a smartphone, they can use another device with an authentication program"

So, I'll try to find another authentication app or service, as I won't use Google Authenticator or Authy (paid app).

@Goldpen let's take a few steps back here. Discord accepts ANY generic authentication app, we just provided the two easiest / most popular examples to date for users that don't want to go digging (seriously, who wants to spend extra energy adulting anyways). There's no storing of data, and no conspiracies here.. 2FA is an entirely optional feature, so you can completely opt-out if you want.

Second, Authy is entirely free to use for what you'd need to do in Discord, so your point there isn't correct. All the screenshots I provided were entirely from my app where I haven't paid anything. I even re-downloaded it 3 times in the process of writing the article.

@Cilantrelle I had to do an unavoidable Factory Reset on my phone, which cleared out my authentication application. I still have access to my account at the moment, but I have no way of getting authentication codes, and I cannot find a way to set up 2FA a second time. How can I register 2FA on my phone again?

I see the information is now much more detailed, I'm sure it will help those who had similar problems but were too shy to stick their head out.

"There is no storing of data, and no conspiracies here.." I couldn't help raising an eyebrow (Spock-like) when I read this part of your reply. So, in a very civil manner, I will say that I don't appreciate these implications. I was actually referring to a common commercial tactic of using user data (navigation, etc.) to display ads that are more likely to engage the potential buyer and lead to a sale. Facebook uses that extensively already, it's not new. I hope this is more clear now.

You are indeed right about Authy. What confused me is that I checked their website, not the app store. When I went to their website, it was presented as a paid software but the phone app, which I looked up later on the app store, was indeed free.

When I have the time and patience, I'll document the procedure of enabling 2FA with the updated info above, so that if I still have a problem, I can pinpoint it and have a better chance to solve it.

@Goldpen sorry for any confusion, didn't mean to come off as any sort of hostile. We also don't store cookies or have ads anywhere within the website, so even that doesn't pertain to using Discord. We don't plan on having ads at any point in the future, either.

I have a problem. I got a new phone and when I re-installed Google Authenticator my Discord account was no longer in there. How can I disable the 2-step auth then re-enable it? Whenever I click "disable 2 step authentication" I need to put in a 6-digit auth code to confirm it (instead of using my 8-digit recovery codes).

@Cilantrelle There is no option to disable 2FA that uses the backup codes. Under the security tab, there is only "View Backup Codes" and "Disable 2FA". When I click on disable, it asks for an authentication code, and there is no option to enter a backup code instead. I have tried using one instead but it does not work. How are we supposed to use the backup codes?

I just got a new phone and had issues getting Google Authenticator to work. I was having the same issue that I had reported earlier where the Discord servers would not accept my 2FA pin. I was able to find a solution that you may want to document for future reference.

I fixed the issue by doing the following (requires valid backup codes):

Use a backup code to disable the 2FA on the account from within the Windows Desktop Program.

Remove the Discord Key from the Google Authenticator app on your phone.

Turn on 2FA inside the security account settings on the Discord Desktop Program.

Using the QR code provided in the Desktop Program, add the DiscordApp back into Google Authenticator.

Enter the 6 digit authentication code from Google Authenticator into Discord to finish turning on 2FA.

Download and save in a secure place the new list of backup codes.

After doing all of this, it now works again for allowing me to sign in.

I hope this helps. I am glad that I finally figured out a work around that actually worked.

(the only thing that is noticeably different between scanning the QR code on the website after 2FA has already been enabled compared to doing it the way above is that my email address is now listed under the 2FA code when setting it up from the Desktop Application. I suspect this whole issue is the fact that you need to enter the first 6 digit pin to authenticate your phone as the correct 2FA device. Until you complete the Disable/Enable process listed above using previously downloaded recovery codes, the application will not provide the correct pin for your use with 2FA since it does not recognize your device as THE device)

Is there any way to disable 2FA without the backup codes? I did a factory reset on my phone and completely forgot about 2FA for the 4 accounts I use it for. Is there any way I can do this, or do I need to make a completely new account (which I don't want to do)?

I have an old Samsung Rant slide-phone (flip phone/slide phone, whichever you prefer to call it). Is there a way for me to use 2FA with this type of phone? I read through the article and comments, and unless my eyes skipped over an answer, I didn't see anything....? This phone does not have any data stuff, but can receive calls and texts.

@Green_Dragon_Iris, thank you for your reply and instructions, however, the phone doesn't go online at all. It can only send/receive texts and calls (and not something like pictures; I've tried that already). It cannot connect to my computer (or rather, I guess I don't have a cable? I've never done that before)... I also don't know about this "microSD"; I don't believe that I even have one.

I know that with my bank online, I have inputted my phone number into their system to receive a combination of numbers that I then use to verify and log in. However, that only requires the phone number and I receive it as a text. There was no downloading or anything else involved. Is there a way to do the 2FA like that? I apologize in advance for any inconvenience my questions may have.